The mobile (smart)phone is becoming an increasingly important device in security-related applications. More and more people use their phone for securing transactions over the Internet: banks allow users to check their balance and transfer small amounts of money via applications on their smartphone, home automation devices are controlled via the smartphone, and a user's mobile phone is often used as a second factor for authentication towards cloud services (e.g. an out-of-band unique code sent via SMS or an out-of-band verification message sent to a smartphone app).
As smartphones are personal devices, carried together with the user at all or most times, they are suitable to increase security to relatively high levels. In support of this trend, several mobile device makers are adding technology to strengthen the security of the mobile phone platform. Secure elements are added to the phone's hardware, but also more advanced security software is developed for this purpose, varying from secure mobile platform software to secure element technologies that interact with servers in the cloud.
However, even though an increasing number of operations are being performed on a smartphone, a number of operations will not migrate to the smartphone; televisions, desktop computers, tablets, and the like continue to be important.
There is therefore a need to set up a secure connection between a first device of a user, say a computing device such as a PC, laptop, tablet, and the like, and a second device of the user, say his/her smartphone. Currently, several connection technologies may be used to establish a connection between a first device and a second device.
For security and speed, a direct channel such as NFC, USB or Bluetooth seems ideal. However, these direct channels also come with several inconveniences. The user preferably does not want to hassle with additional cables (USB), and none of these technologies is universally available (NFC is not widely adopted, Bluetooth is typically present on laptops but not on regular PCs, and not all tablets have a USB port).
A much more generic and convenient way of setting up a secure channel between phone and computing device would be to use a computer network connection, e.g. over the Internet. One may assume nowadays that almost all devices have a network connection. However, connecting over the Internet presents its own security challenges, since many attacks come from the network side. An additional problem when setting up connections via the Internet is ease of use: the end-user does not want to configure routers and firewalls to make such a channel possible. A secure and elegant solution is therefore needed.